Virus Email - Subject: Ecademy to close

There's a virus email doing the rounds that appears to be a message from Ecademy support. It's a Virus or Trojan. At least one copy that we've seen appears to have come from an ADSL broadband line in Chile. The headers are forged and made to look as though it's from a fake Yahoo email address with a fake Yahoo message ID.

Needless to say this is not from Ecademy, and is in no way connected with Ecademy servers, systems or people.

At first glance the message could be taken to be designed to be a malicious attack on Ecademy but I'm inclined to think that it's actually just an example of clever social engineering. It wouldn't surprise me if there are or will be very similar emails apparently about other social networks just as there are already about all the banks.

Ignore it. Don't open it. Delete it.

Julian Bond
Chief Technology Officer
Ecademy

Sandra Surjadiredja

sandrasurjadiredja-190667

Virus Email - Subject: Ecademy to close

My network just got it as well, from ezukerman@yahoo.com, but the sender appears as support@ecademy.com

Cheers,
Sandra
Ecademy B@li Club Advantours TEAM The Web Experts PT. Ersano "Exporting" Era Saka Kuno

0 comments

Julian Bond

jbond

Virus Email - Subject: Ecademy to close

A little more information

- The virus payload appears to be this one. http://www.viruslist.com/en/viruses/encyclopedia?virusid=39757
- We've seen emails being sent from Chile and Russia. I've only actually seen two complete examples. The (probably forged) headers share the same fake Yahoo message ID and Yahoo source address and they appear to have come from domestic broadband accounts and gone direct to the recipient's email servers. The headers claim they were sent from Outlook Express. This does all suggest that a botnet has been used to send it.
- At least one person who has never been on Ecademy has received a copy.
- Some active people on Ecademy with large networks have not received it.
- Roughly 60-70 people have reported receiving it. It's very hard to judge how many people it had been sent to. It might be 100, it might be 100,000.

0 comments

Al Gates

algates-93438

Virus Email - Subject: Ecademy to close

Oops! I did open it and I think I was infected? Do you have removal instructions at hand? My virus software did not catch it... So far, I think it has infected my Internet Explorer. It detects an error and shuts down as soon as I start using it. Will run my virus software again to see what it picks up. Any suggestions?

Al

0 comments

Vladimir Dimitroff

vdimitroff-19310

If this info helps -

- my email address is rather openly displayed on my profile page, but I was not targeted: apparently the database this sender purchased (or stole) is incomplete, most likely compiled over time using more than one method and source.

And a thought: In recent weeks (or couple of months) I have been receiving floods of (legitimate?) invitations from people I usually know, to join one or another of the mushrooming 'social / business' networks. The common elements between them are (a) targeting business people of a 'small to medium' profile similar to Ecademy, and (b) propagation method: once you register, they helpfully offer to automate the spamming of all your contacts from a previous network with an invitation to join the new one. This is greatly helped by the '2.0' fashion of APIs, widgets, plug-ins etc.

Some of those invitations were from people I only know on Ecademy - so the platform apparently hasn't prevented them from using rival platform gimmicks and spamming contacts to send them elsewhere. Thomas does it rather energetically all the time - not sure if Ecademy benefits from it.

Do you think all those viral campaigns might be the method and source of harvesting e-mail addresses for spam and malware distribution?

V.
Knowledge: the only product which, once sold, remains with the seller. Give it away!

0 comments

Kevin Meader

amberley-38064

Virus Email - Subject: Ecademy to close

I too have received this E-mail and yes have binned it as our systems strip out suspect spam

0 comments

Paul Moloney

paulmoloney-99506

Virus Email - Subject: Ecademy to close

I've just received it too... things to spot...

The email address comes from ezukernam@yahoo.com even though the label on the email address is "support@ecademy.com".

The subject line is "ECADEMY will close work in March 2008"

...and there's an attachment called "002-Ecademy_LegalInstructions.zm9"

DO NOT OPEN THIS ATTACHMENT!!!

Paul Moloney
www.zonemotorsport.co.uk

0 comments
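The two indicators listed in the post above (a sender label showing one address while the real address is at another domain, and an attachment with an unfamiliar extension) can be checked mechanically. The following is an added example, not part of the thread or any Ecademy tooling; the sample message is constructed from the details quoted in the post, and `KNOWN_EXTENSIONS` and `check_message` are hypothetical names.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: header values follow the post above, bodies are placeholders.
SAMPLE = '''From: "support@ecademy.com" <ezukernam@yahoo.com>
To: member@example.org
Subject: ECADEMY will close work in March 2008
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

(placeholder body)
--b1
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="002-Ecademy_LegalInstructions.zm9"

(placeholder)
--b1--
'''

# Assumption: a site-specific allow-list of attachment types users expect to see.
KNOWN_EXTENSIONS = {"pdf", "doc", "docx", "xls", "xlsx", "txt", "jpg", "png"}

def check_message(raw):
    """Return a list of (code, detail) findings for one raw RFC 822 message."""
    msg = message_from_string(raw)
    findings = []
    label, addr = parseaddr(msg.get("From", ""))
    # Indicator 1: the display label is itself an address at a different domain.
    shown = re.search(r"[\w.+-]+@([\w.-]+)", label)
    real_domain = addr.rpartition("@")[2].lower()
    if shown and shown.group(1).lower() != real_domain:
        findings.append(("display-name-mismatch", f"{label} vs {addr}"))
    # Indicator 2: an attachment whose extension is not on the allow-list.
    for part in msg.walk():
        name = part.get_filename()
        if name:
            ext = name.rpartition(".")[2].lower() if "." in name else ""
            if ext not in KNOWN_EXTENSIONS:
                findings.append(("unusual-attachment-extension", name))
    return findings

if __name__ == "__main__":
    for code, detail in check_message(SAMPLE):
        print(code, "->", detail)
```
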

Julian Bond

jbond

Virus Email - Subject: Ecademy to close

It's very common for virus emails to use the address book of the infected PC. If it was someone who was on Ecademy with a large contacts list they could easily have a large number of Ecademy members' email addresses which would then be used. Then again, a spider could find a large number of addresses from the site simply by scanning profile pages for people who show them. Even though we hide them a bit with JavaScript.

But note here that not all members have received the email. The list of addresses has definitely been obtained from outside Ecademy.

At this time I'm really only guessing what's going on here. I've only seen one email in full with full headers and those are undoubtedly forged.

"why were we not informed by management earlier?"

How much earlier were you hoping for? ;)

1 comments

Matthew Anderson

matthewanderson3-191904

Virus Email - Subject: Ecademy to close

Hi Julian

"At first glance the message could be taken to be designed to be a malicious attack on Ecademy but I'm inclined to think that it's actually just an example of clever social engineering."

This is a clever piece of social engineering; it is, however, also an attack on Ecademy. Check out the profiles of all people who have mentioned receiving a copy of this email. All that I checked have their email addresses there. I do not have my email address on my profile and DID NOT receive a copy. Coincidence? I think not. The email was crafted carefully and directed at Ecademy users. This makes it an attack on Ecademy.

I would like to know why there is not an email from you guys in my inboxes, several hours ago, warning me not to open any attachments. How many people do you think opened this attachment that would not have done if such an email had been sent? Warning us on the blog front page is all very well but an email several hours ago would have been a lot better.

Matthew

1 comments